Network Scanning

Scanning is the process of probing a target network to reveal useful information (live hosts, open ports, the services behind them, and any filtering device in between) and then using that information in the later phases of the pentest.

Before we start scanning, take a look at the TCP flags:

SYN initiates a connection between two hosts to facilitate communication.
ACK acknowledges the successful receipt of a packet.
URG means the packet is urgent and should be processed immediately.
PSH indicates to the receiving host that the received data should be passed to the receiving application immediately.
FIN means there is no more data from the sender.
RST resets (aborts) a connection. It is also what a host sends back when a packet arrives for a closed port, and most of the scans below rely on exactly that reply.

Nmap is a free and open-source network scanner for network exploration and security auditing created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.

Ping remote system: We can ping the remote system by hostname or by IP address. If we use the hostname and receive no reply, the problem may be DNS rather than the host itself, so make it a habit to also ping the system by IP address. Note that -sP is the old name for host discovery; current Nmap versions call it -sn (the old flag still works as an alias). Nmap's "ping" is also not only an ICMP echo: against a remote target run as root it sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request, so a host that blocks ICMP can still show up as alive.

~nmap -sP -v <target IP address>
~nmap -sP -v <target hostname>

Ping Sweep: We use this technique to scan or sweep a range of IPs looking for live hosts. -PE sends an ICMP echo request and -PA<ports> sends a bare TCP ACK to the listed ports; any port that is not filtered answers an unsolicited ACK with RST, which proves the host is alive even when ICMP is blocked. Nmap takes the range in its own notation, e.g. 192.168.1.1-254 (or CIDR such as 192.168.1.0/24).

~nmap -sP -PE -PA<port numbers> <startingIP-endingIP>

Full-Open Scan (connect scan): A TCP Full-Open Scan completes the full three-way handshake on each scanned port to determine whether it is open. The scanner sends SYN; if the port is open the target answers with SYN/ACK and the scanner finishes the handshake with ACK, then tears the connection down. If the port is closed the target answers with RST. Because a connection is actually established, the application behind the port may log it. Nmap uses the operating system's connect() call for this scan, so no raw-socket privileges are needed, and it is the default when Nmap is run without root. Note that by default Nmap scans the 1,000 most common ports, not every port; use -p- to scan all 65,535.

~nmap -sT <target IP address>
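Whatever the scan type, the next step is turning Nmap's output into a host and port list for the following phase. Here is an added example (my code, not from the original post) that parses Nmap's grepable output (-oG -) for both the ping sweep above and a port scan. The two outputs embedded in it are constructed for the example (the Nmap 7.94 banner lines, the 10.0.0.0/29 addresses, the service versions) and are not real captures; the field layout, however, is Nmap's own: tab-separated fields after the Host: field, and port entries of the form port/state/protocol/owner/service/rpc info/version/.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional

# Two nmap runs in "grepable" format (-oG -), CONSTRUCTED for this example
# (a ping sweep, then a SYN scan of two hosts it found); not real captures.
PING_SWEEP_OUTPUT = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sn -oG - 10.0.0.0/29
Host: 10.0.0.1 (gw.lab.example)\tStatus: Up
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.6 ()\tStatus: Up
# Nmap done at Mon Jan  1 12:00:02 2024 -- 8 IP addresses (3 hosts up) scanned in 1.52 seconds
"""

PORT_SCAN_OUTPUT = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:05:00 2024 as: nmap -sS -oG - 10.0.0.5 10.0.0.6
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.24/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 10.0.0.6 ()\tStatus: Up
Host: 10.0.0.6 ()\tPorts: 445/filtered/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (998)
# Nmap done at Mon Jan  1 12:05:40 2024 -- 2 IP addresses (2 hosts up) scanned in 40.11 seconds
"""


@dataclass
class Port:
    number: int
    state: str      # open, closed, filtered, open|filtered, unfiltered
    proto: str
    service: str
    version: str


@dataclass
class Host:
    ip: str
    hostname: str
    status: str = "unknown"
    ports: list = field(default_factory=list)
    ignored: Optional[tuple] = None   # (state, count) of the ports nmap did not list


HOST_RE = re.compile(r"^Host: (\S+) \((.*)\)$")
IGNORED_RE = re.compile(r"^(\S+) \((\d+)\)$")


def parse_grepable(text):
    """Parse -oG output into {ip: Host}. Fields on a Host: line are tab-separated."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # '# Nmap ...' banner and footer lines carry no per-host data
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if m is None:
            continue
        ip, name = m.group(1), m.group(2)
        host = hosts.setdefault(ip, Host(ip, name))
        for f in fields[1:]:
            key, _, value = f.partition(": ")
            if key == "Status":
                host.status = value
            elif key == "Ports":
                host.status = "Up"  # nmap only lists ports for hosts it found up
                for entry in value.split(", "):
                    # port/state/protocol/owner/service/rpc info/version/
                    p = entry.split("/")
                    host.ports.append(Port(int(p[0]), p[1], p[2], p[4], p[6]))
            elif key == "Ignored State":
                m2 = IGNORED_RE.match(value)
                if m2:
                    host.ignored = (m2.group(1), int(m2.group(2)))
    return hosts


def live_hosts(hosts):
    """IPs reported Up, in address order (not string order)."""
    return sorted((h.ip for h in hosts.values() if h.status == "Up"),
                  key=ipaddress.ip_address)


def open_ports(hosts):
    """{ip: [port, ...]} for ports in state 'open' only; open|filtered is not open."""
    return {ip: sorted(p.number for p in h.ports if p.state == "open")
            for ip, h in hosts.items() if any(p.state == "open" for p in h.ports)}


if __name__ == "__main__":
    sweep = parse_grepable(PING_SWEEP_OUTPUT)
    print("live hosts:", live_hosts(sweep))
    scan = parse_grepable(PORT_SCAN_OUTPUT)
    for ip, ports in open_ports(scan).items():
        # The "Ignored State" tells you what the bulk of the ports looked like:
        # 997 filtered on 10.0.0.5 is a strong hint of a firewall in front of it.
        print(ip, "open:", ports, "ignored:", scan[ip].ignored)
```

The ignored state is worth keeping: a host whose unlisted ports are mostly filtered rather than closed is almost certainly behind a packet filter, which is the question the ACK scan further down is designed to answer.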

Stealth or Half-Open Scan: It's similar to the Full-Open Scan and differs only in the last step of the three-way handshake. The full-open scan completes the handshake with a final ACK in response to the SYN/ACK; the half-open scan does not. Instead, the scanning system answers the SYN/ACK with RST, so no connection is ever established. The benefit is that the application behind the port never sees a connection and therefore does not log one. It does not hide the probe from a firewall or IDS, which sees the SYN just as well as before. This scan needs raw packet privileges (root or Administrator) and is Nmap's default scan when run with them. A SYN/ACK reply means open, RST means closed, and no reply (or an ICMP unreachable error) is reported as filtered.

~nmap -sS <target IP address>

Xmas Tree Scan: In this scan, a packet is sent to the target with URG, PSH and FIN all set (the header is "lit up like a Christmas tree"). RFC 793 says a closed port must answer any packet that does not carry RST with an RST, while an open port should silently drop a packet that carries none of SYN, RST or ACK. So an RST reply tells you the port is closed, and no reply means the port is either open or the probe was filtered; Nmap reports that as open|filtered. Some stacks, Microsoft Windows and many Cisco devices among them, send RST for every port regardless of state, so against those systems every port looks closed.

~nmap -sX -v <target IP address>

-v Increases the verbosity level, causing Nmap to print more information about the scan in progress.

FIN Scan: In this scan, a packet is sent to the target with only the FIN flag set. The technique is useful because a packet that does not carry SYN can slip past stateless packet filters that only block incoming SYN, so it reaches ports a SYN scan cannot. The decision rule is the same as for the Xmas scan: no reply means the port is open or the probe was filtered (open|filtered), and an RST reply means the port is closed. The same caveat applies too: systems that answer every probe with RST make every port look closed.

~nmap -sF <target IP address>

Null Scan: In this scan, a packet is sent to the target with no flags set at all. Per RFC 793 an open port ignores it and a closed port replies with RST, so no reply means open|filtered and RST means closed. Xmas, FIN and Null scans all use the same decision rule; they differ only in which flags are set, which matters when a filter or IDS signature matches on a particular flag combination.

~nmap -sN <target IP address>

ACK Scan: Some scans can be detected or even blocked by firewalls. Most organizations deploy a firewall at their perimeter, between the Internet and their local area network (LAN), to stop unwanted traffic entering or leaving the network. An ACK scan does not tell us whether a port is open; it tells us whether the port is filtered. A bare ACK that belongs to no connection should provoke an RST from both open and closed ports, so an RST reply means unfiltered: the packet reached the host. No reply, or an ICMP unreachable error, means filtered: a stateful firewall dropped the packet because it did not belong to a known connection. This is how we map which ports the firewall lets through.

~nmap -sA <target IP address>
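To tie the flag table and the SYN, Xmas, FIN, Null and ACK scans together, here is an added Python example (my code, not from the post or from Nmap): it builds the raw 20-byte TCP header a raw-socket scanner sends for each scan type, with a valid checksum over the IPv4 pseudo-header, and encodes the rule Nmap uses to turn the reply (SYN/ACK, RST, ICMP unreachable, or silence) into the reported port state. The addresses and ports are made up; actually sending the header needs a raw socket and privileges and is deliberately left out.

```python
import socket
import struct

# TCP flag bits as they sit in byte 13 of the TCP header (RFC 793 / RFC 9293).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK", URG: "URG"}

# Flags each nmap scan type sets on its probe (nmap option -> flag mask).
# -sT is not here: its SYN is built by the kernel's connect(), not by the scanner.
SCAN_PROBES = {
    "sS": SYN,              # half-open / stealth
    "sX": FIN | PSH | URG,  # Xmas tree
    "sF": FIN,              # FIN scan
    "sN": 0,                # Null scan: no flags at all
    "sA": ACK,              # ACK scan (firewall ruleset mapping)
}


def flag_names(flags):
    """Decode a flags byte into names, lowest bit first."""
    return [name for bit, name in sorted(FLAG_NAMES.items()) if flags & bit]


def ones_complement_sum(data):
    """Internet checksum (RFC 1071); data is zero-padded to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip, dst_ip, tcp_len):
    """IPv4 pseudo-header the TCP checksum covers: src, dst, zero, proto, TCP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))


def build_tcp_header(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0, window=1024):
    """20-byte TCP header (no options) with a valid checksum: the probe a raw-socket
    scanner hands to the kernel after prepending an IP header."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def tcp_flags(hdr):
    return hdr[13]


def checksum_ok(src_ip, dst_ip, hdr):
    """A receiver's check: summing header plus pseudo-header, checksum included, gives 0."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr) == 0


def classify(scan, response):
    """Port state nmap reports for a scan type given the reply. response is
    "synack", "rst", "icmp-unreach" or None (nothing came back before the timeout)."""
    if scan in ("sS", "sT"):
        return {"synack": "open", "rst": "closed"}.get(response, "filtered")
    if scan in ("sX", "sF", "sN"):
        if response == "rst":
            return "closed"
        # Silence is ambiguous: an RFC 793 open port and a dropping firewall look alike.
        return "open|filtered" if response is None else "filtered"
    if scan == "sA":
        # Open and closed both RST a bare ACK; only a filter swallows it.
        return "unfiltered" if response == "rst" else "filtered"
    raise ValueError("unknown scan type " + scan)


if __name__ == "__main__":
    for scan, flags in SCAN_PROBES.items():
        probe = build_tcp_header("192.0.2.10", "192.0.2.20", 40000, 80, flags)
        print("-%s probe flags=%s checksum_ok=%s" % (
            scan, flag_names(tcp_flags(probe)) or ["none"],
            checksum_ok("192.0.2.10", "192.0.2.20", probe)))
    print("-sX, no reply ->", classify("sX", None))
```

The classify table is the whole point of the section: a SYN scan separates open from closed from filtered, the three inverse scans can only separate closed from "open or filtered", and the ACK scan separates filtered from unfiltered without saying anything about open.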

Another way to get probes past a packet filter is fragmenting them: breaking each probe into several small IP fragments so that a filter or IDS that inspects only one fragment never sees the whole TCP header. Think of it as a jigsaw puzzle: if you don't have the original picture, you have to reassemble the pieces to figure it out. With -f Nmap splits the TCP header into 8-byte fragments (the TCP flags live in the 14th byte, so they land in the second fragment); -ff uses 16-byte fragments and --mtu lets you pick any multiple of 8. Keep in mind that modern firewalls and IDS reassemble fragments before inspecting them, and some hosts and filters drop fragmented packets outright, so a fragmented scan may return nothing at all.

~nmap -sS -f <target IP address>
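Here is an added example (my code, not from the post or from Nmap) of what -f does on the wire: it cuts a constructed 20-byte TCP SYN probe into 8-byte IP fragments with correct fragment offsets and the more-fragments flag, reassembles them the way the target's IP stack (or a reassembling firewall) does, and shows that a stateless filter inspecting only the first 8-byte fragment cannot see the TCP flags byte. The IP identification value and the addresses are made up.

```python
import socket
import struct

IP_MF = 0x2000  # "more fragments" bit in the IPv4 flags/fragment-offset field
IP_HDR_FMT = "!BBHHHBBH4s4s"  # ver/ihl, tos, total len, id, flags+frag, ttl, proto, csum, src, dst


def internet_checksum(data):
    """RFC 1071 checksum; a header that includes its own checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_header(src, dst, ident, offset_units, more, payload_len, proto=6, ttl=64):
    """20-byte IPv4 header; offset_units is the fragment offset in 8-byte units."""
    flags_frag = (IP_MF if more else 0) | (offset_units & 0x1FFF)
    hdr = struct.pack(IP_HDR_FMT, 0x45, 0, 20 + payload_len, ident, flags_frag,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def fragment(src, dst, ident, payload, frag_size=8):
    """Emit (ip_header, chunk) pairs like nmap -f: the transport payload is cut into
    frag_size-byte pieces (8 for -f, 16 for -ff). frag_size must be a multiple of 8
    because the offset field counts 8-byte units. Every fragment shares the same id."""
    if frag_size % 8:
        raise ValueError("fragment size must be a multiple of 8")
    packets = []
    for off in range(0, len(payload), frag_size):
        chunk = payload[off:off + frag_size]
        more = off + frag_size < len(payload)
        packets.append((ip_header(src, dst, ident, off // 8, more, len(chunk)), chunk))
    return packets


def parse_ip(hdr):
    _, _, _, ident, flags_frag, _, _, _, _, _ = struct.unpack(IP_HDR_FMT, hdr[:20])
    return {"id": ident,
            "offset": (flags_frag & 0x1FFF) * 8,
            "more": bool(flags_frag & IP_MF)}


def reassemble(packets):
    """What the target's IP stack does; returns None while fragments are missing."""
    frags = sorted(((parse_ip(h), c) for h, c in packets), key=lambda x: x[0]["offset"])
    data = b""
    for meta, chunk in frags:
        if meta["offset"] != len(data):
            return None  # gap or overlap: a fragment is missing
        data += chunk
    if not frags or frags[-1][0]["more"]:
        return None  # the fragment with MF=0 has not arrived yet
    return data


def visible_tcp_flags(packets):
    """What a filter that inspects only the first fragment sees. The TCP flags byte
    is at offset 13, so an 8-byte first fragment does not contain it at all."""
    for hdr, chunk in packets:
        if parse_ip(hdr)["offset"] == 0:
            return chunk[13] if len(chunk) > 13 else None
    return None


# CONSTRUCTED 20-byte TCP SYN probe (sport 40000 -> dport 80) with a zeroed checksum;
# only its length and the flags byte (0x02 = SYN) matter for this example.
TCP_SYN_PROBE = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 1024, 0, 0)

if __name__ == "__main__":
    packets = fragment("192.0.2.10", "192.0.2.20", 0x1234, TCP_SYN_PROBE)
    for hdr, chunk in packets:
        print(parse_ip(hdr), len(chunk), "bytes")
    print("first-fragment view of TCP flags:", visible_tcp_flags(packets))
    print("reassembled intact:", reassemble(packets) == TCP_SYN_PROBE)
```

With 8-byte fragments the first piece carries only the ports and sequence number; the SYN bit arrives in the second. A filter that decides on the first fragment alone (old, stateless designs) lets the probe through, which is the evasion -f relies on; a filter that reassembles first sees exactly the SYN scan it would have seen anyway.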
